MUST READ

LunaLock Ransomware threatens victims by feeding stolen data to AI models

 | 

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

 | 

Canadian investment platform Wealthsimple disclosed a data breach

 | 

Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies

 | 

Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61

 | 

Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Qantas cuts executive bonuses by 15% after a July data breach

 | 

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

 | 

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

 | 

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

 | 

SVG files used in hidden malware campaign impersonating Colombian authorities

 | 

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

 | 

$10M reward for Russia's FSB officers accused of hacking US Critical infrastructure

 | 

Severe Hikvision HikCentral product flaws: What You Need to Know

 | 

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

 | 

Google addressed two Android flaws actively exploited in targeted attacks

 | 

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

 | 

Android droppers evolved into versatile tools to spread malware

 | 

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

 | 

malware

Pierluigi Paganini March 31, 2025
Morphing Meerkat phishing kits exploit DNS MX records

Morphing Meerkat phishing kits exploit DNS MX records to deliver spoofed login pages, targeting over 100 brands. Infoblox researchers discovered a new phishing-as-a-service (PhaaS) platform that generated multiple phishing kits, called Morphing Meerkat, using DNS mail exchange (MX) records to deliver fake login pages and targeting over 100 brands. Threat actors are exploiting DNS techniques […]

Pierluigi Paganini March 30, 2025
CISA warns of RESURGE malware exploiting Ivanti flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. The malicious code has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect […]

Pierluigi Paganini March 30, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 39

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Microsoft Trusted Signing service abused to code-sign malware Shedding light on the ABYSSWORKER driver  VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI   Raspberry Robin: Copy […]

Pierluigi Paganini March 30, 2025
Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme Experts warn of the new sophisticate […]

Pierluigi Paganini March 30, 2025
Sam’s Club Investigates Alleged Cl0p Ransomware Breach

The Walmart-owned membership warehouse club chain Sam’s Club is investigating claims of a Cl0p ransomware security breach. Sam’s Club is a membership warehouse club chain in the United States, owned by Walmart. Founded in 1983 by Sam Walton, Walmart’s founder, as Sam’s Wholesale Club, it was renamed Sam’s Club in 1990. These stores operate on a bulk […]

Pierluigi Paganini March 29, 2025
Experts warn of the new sophisticate Crocodilus mobile banking Trojan

The new Android trojan Crocodilus exploits accessibility features to steal banking and crypto credentials, mainly targeting users in Spain and Turkey. ThreatFabric researchers discovered a new Android trojan called Crocodilus, which exploits accessibility features to steal banking and crypto credentials. “Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from […]

Pierluigi Paganini March 28, 2025
Crooks are reviving the Grandoreiro banking trojan

Grandoreiro Banking Trojan resurfaces, targeting users in Latin America and Europe in new phishing campaigns. Forcepoint X-Labs researchers warn of new phishing campaigns targeting Latin America and Europe in new phishing campaigns. The Trojan has been active since 2016, it initially targeted Brazil but expanded to Mexico, Portugal, and Spain since 2020. Grandoreiro is a modular […]

Pierluigi Paganini March 28, 2025
Russian authorities arrest three suspects behind Mamont Android banking trojan

Russian authorities arrested three suspects for developing Mamont, a newly identified Android banking trojan. Russian authorities arrested three suspects in Saratov for developing Mamont (Russian for mammoth), a recently discovered Android banking trojan. “Three Saratov residents are suspected of fraud and unauthorized access to computer information. Officers from the fraud prevention department of PJSC Sberbank […]

Pierluigi Paganini March 27, 2025
Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware. While DeepSeek is rising in popularity, threat actors are attempting to exploit it by using fake sponsored Google ads to distribute malware, Malwarebytes researchers warn. Crooks are using DeepSeek as a lure to trap unsuspecting Google searchers. “Unfortunately, we […]

Pierluigi Paganini March 26, 2025
New ReaderUpdate malware variants target macOS users

New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. ReaderUpdate is a macOS malware loader that has been active since 2020, the malicious code […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

LunaLock Ransomware threatens victims by feeding stolen data to AI models

Malware / September 09, 2025

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

Hacking / September 08, 2025

Canadian investment platform Wealthsimple disclosed a data breach

Data Breach / September 08, 2025

Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies

Security / September 08, 2025

Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

Intelligence / September 08, 2025